On Tue, Mar 4, 2014 at 10:05 AM, Roy Smith <r...@panix.com> wrote: > In article <mailman.7670.1393885170.18130.python-l...@python.org>, > Cameron Simpson <c...@zip.com.au> wrote: > >> On 03Mar2014 09:17, Neal Becker <ndbeck...@gmail.com> wrote: >> > Charles R Harris <charlesr.har...@gmail.com> Wrote in message: >> > > >> > >> > Imo the lesson here is never write in low level c. Use modern >> > languages with well designed exception handling. >> >> What, and rely on someone else's low level C? > > Don't laugh. http://c2.com/cgi/wiki?TheKenThompsonHack
I don't think malicious interference with C compilers is the issue here, so much as the constant discovery of flaws in honestly-written C code. Currently, I'm porting a MUD client from C++ to Pike. On average, a hunk of code shrinks by about 50% during the translation, mainly because I can let memory management happen elsewhere. (Sometimes the difference is even more dramatic. I wrote my own binary tree in the C++ client, because the compiler I was targeting at the time didn't provide a suitable mapping type; now, I just call on the language's facilities, and it's more efficient and takes no code whatsoever. That's basically one entire module eliminated.) Along the way, I'm noticing myriad little issues around the place, where too much data would result in something being truncated (I was careful in most places to ensure that it couldn't blow the stack, although I certainly wouldn't bet money that I was perfect on that score), and the truncation could have unexpected results. Malformed data coming in over a TCP socket would eventually consume all the buffer space and then make the client think the other end had closed its connection. That one I knew about and didn't care, but there were others that were weird and esoteric and would *most likely* never happen. Writing low level code opens you up to a huge collection of weird behaviours that might, at best, become bug reports that you spend hours trying to solve. At worst, they become exploits. Yes, high level languages have their own attack vectors, but I'd much rather have the entire python-dev team working to solve my problems than me alone :) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
